On Sunday 15 February 2009 at 21:15 +0000, Jörg Sommer wrote:
> Hi Julien,

Hi Jörg,

> Julien Valroff <[email protected]> wrote:
> > The aim is to only update file properties of the changed packages.
> >
> > To achieve this goal, I need to get the list of changed packages, which
> > I do in a script invoked through Pre-Install-Pkgs.
> >
> > The file properties can however only be updated once the packages are
> > installed, hence I need to run rkhunter --propupd on Post-Invoke.
> >
> > How could I pass the list of changed packages between both my scripts?
> > For now, I use a temporary file (I cannot even use a random name). Is it
> > the right way? Could this have any security issues?
>
> I think this idea is fine. I don't have any other idea. As long as you
> save only the names of the packages in the file, you shouldn't open any
> security holes. Where do you save the file? In /var/lib/rkhunter?

Yes, in /var/lib/rkhunter/tmp
I only save the names of the changed packages.

> > As a (better) alternative, is there a way to get the list of changed
> > packages in Post-Invoke?
>
> You can search in dpkg's logfile /var/log/dpkg.log, but apt doesn't tell
> you this in the post-invoke hook.

I have thought of this, but the issue is to be sure to get the list of
changed packages for each time apt is run, and I think time is not precise
enough (should I consider parsing dpkg.log and take the entries of the last
10 minutes? What if the machine is very slow or if apt is called twice in
this time frame?)

In the meantime, I came across two other issues that prevent me from
reaching my goal:

* The rkhunter --propupd <file> feature will only work if the file is
  already registered in the file properties database. This means that if a
  package is installed, a full db update should be run (or data added by an
  external script, which I am reluctant to do for security and maintenance
  reasons). I will discuss with upstream to check what can be done in
  rkhunter to fix this.

* I have no idea how to deal with watched files which are in the
  alternatives system. For now, I am able to compare the upgraded .deb
  contents with a static list of watched files. Alternative files being
  symlinks, the post-invoke script cannot detect them and will hence fail
  to update the file properties database. This is for example the case of
  unhide.

For the last point, I fear there is unfortunately a good solution at the
moment.

Cheers,
Julien
--
Member of April - "promote and defend free software" - http://www.april.org
Join now nearly 4,000 people, associations, companies and local authorities
who support our action
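The hand-off the thread discusses, as an added example that is not Julien's script nor part of rkhunter: a Pre-Install-Pkgs hook records the names of the packages apt is about to install into a state file, and a Post-Invoke hook consumes that file afterwards. It also shows the dpkg.log alternative Jörg mentions, done without a time window: remember the log's size before dpkg runs and read only what was appended after that mark. Everything below is an assumption of this example: the `STATE_DIR`/`DPKG_LOG` defaults (chosen to match the paths named in the thread), the function names, and the sample package names and versions used in the comments.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths are assumptions (defaults follow
# the thread: /var/lib/rkhunter/tmp and /var/log/dpkg.log); set STATE_DIR or
# DPKG_LOG in the environment to override them.

state_dir()  { printf '%s\n' "${STATE_DIR:-/var/lib/rkhunter/tmp}"; }
state_file() { printf '%s\n' "$(state_dir)/changed-packages"; }
dpkg_log()   { printf '%s\n' "${DPKG_LOG:-/var/log/dpkg.log}"; }

# apt feeds Pre-Install-Pkgs one .deb path per line; the package name is the
# part of the file name before the first underscore
# (e.g. .../unhide_20080519-4_amd64.deb -> unhide; version is constructed).
pkg_name_from_deb() {
    base=$(basename "$1" .deb)
    printf '%s\n' "${base%%_*}"
}

# Accept only names that satisfy Debian policy, so that whatever lands in the
# state file cannot later be misread as a shell word or an option.
is_valid_pkg_name() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9][a-z0-9+.-]+$'
}

# Pre-Install-Pkgs side: read .deb paths from stdin, keep validated names, and
# replace the state file atomically inside a root-only directory (umask 077)
# rather than writing to a world-writable /tmp.
record_changed_packages() {
    umask 077
    mkdir -p "$(state_dir)"
    tmp="$(state_file).$$"
    : > "$tmp"
    while IFS= read -r deb; do
        [ -n "$deb" ] || continue
        name=$(pkg_name_from_deb "$deb")
        if is_valid_pkg_name "$name"; then
            printf '%s\n' "$name" >> "$tmp"
        else
            printf 'skipping suspicious entry: %s\n' "$deb" >&2
        fi
    done
    mv -f "$tmp" "$(state_file)"
}

# Post-Invoke side: emit the recorded names and consume the file. A real hook
# would run `rkhunter --propupd` over each listed package's files at this point.
consume_changed_packages() {
    [ -f "$(state_file)" ] || return 0
    cat "$(state_file)"
    rm -f "$(state_file)"
}

# dpkg.log alternative: take a byte-offset mark before dpkg runs ...
dpkg_log_mark() {
    wc -c < "$(dpkg_log)" | tr -d ' '
}

# ... and afterwards list packages whose "status installed" line was appended
# after that mark. Lines look like:
#   2009-02-15 21:10:02 status installed unhide 20080519-4   (constructed)
# Newer dpkg writes "pkg:arch"; the arch qualifier is stripped.
dpkg_log_installed_since() {
    tail -c +"$(( $1 + 1 ))" "$(dpkg_log)" \
        | awk '$3 == "status" && $4 == "installed" { sub(/:.*/, "", $5); print $5 }' \
        | sort -u
}
```

Keeping the state file in a directory only root can write to, validating every name before it is stored, and replacing the file with `mv` rather than appending in place are what make the temporary-file approach safe even though the file name is fixed; the offset mark replaces the guesswork of a ten-minute window when two apt runs overlap.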

